From: Petar Penkov <ppenkov.kernel@gmail.com>
To: netdev@vger.kernel.org, bpf@vger.kernel.org
Cc: davem@davemloft.net, ast@kernel.org, daniel@iogearbox.net,
edumazet@google.com, lmb@cloudflare.com, sdf@google.com,
Petar Penkov <ppenkov@google.com>
Subject: [bpf-next RFC 1/6] tcp: tcp_syn_flood_action read port from socket
Date: Mon, 15 Jul 2019 17:26:45 -0700 [thread overview]
Message-ID: <20190716002650.154729-2-ppenkov.kernel@gmail.com> (raw)
In-Reply-To: <20190716002650.154729-1-ppenkov.kernel@gmail.com>
From: Petar Penkov <ppenkov@google.com>
This allows us to call this function before an SKB has been
allocated.
Signed-off-by: Petar Penkov <ppenkov@google.com>
---
net/ipv4/tcp_input.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index c21e8a22fb3b..8892df6de1d4 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -6422,9 +6422,7 @@ EXPORT_SYMBOL(inet_reqsk_alloc);
/*
* Return true if a syncookie should be sent
*/
-static bool tcp_syn_flood_action(const struct sock *sk,
- const struct sk_buff *skb,
- const char *proto)
+static bool tcp_syn_flood_action(const struct sock *sk, const char *proto)
{
struct request_sock_queue *queue = &inet_csk(sk)->icsk_accept_queue;
const char *msg = "Dropping request";
@@ -6444,7 +6442,7 @@ static bool tcp_syn_flood_action(const struct sock *sk,
net->ipv4.sysctl_tcp_syncookies != 2 &&
xchg(&queue->synflood_warned, 1) == 0)
net_info_ratelimited("%s: Possible SYN flooding on port %d. %s. Check SNMP counters.\n",
- proto, ntohs(tcp_hdr(skb)->dest), msg);
+ proto, sk->sk_num, msg);
return want_cookie;
}
@@ -6487,7 +6485,7 @@ int tcp_conn_request(struct request_sock_ops *rsk_ops,
*/
if ((net->ipv4.sysctl_tcp_syncookies == 2 ||
inet_csk_reqsk_queue_is_full(sk)) && !isn) {
- want_cookie = tcp_syn_flood_action(sk, skb, rsk_ops->slab_name);
+ want_cookie = tcp_syn_flood_action(sk, rsk_ops->slab_name);
if (!want_cookie)
goto drop;
}
--
2.22.0.510.g264f2c817a-goog
next prev parent reply other threads:[~2019-07-16 0:27 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-16 0:26 [bpf-next RFC 0/6] Introduce a BPF helper to generate SYN cookies Petar Penkov
2019-07-16 0:26 ` Petar Penkov [this message]
2019-07-16 0:26 ` [bpf-next RFC 2/6] tcp: add skb-less helpers to retrieve SYN cookie Petar Penkov
2019-07-16 11:34 ` Lorenz Bauer
2019-07-17 0:23 ` Petar Penkov
2019-07-16 0:26 ` [bpf-next RFC 3/6] bpf: add bpf_tcp_gen_syncookie helper Petar Penkov
2019-07-16 7:59 ` Eric Dumazet
2019-07-16 11:56 ` Lorenz Bauer
2019-07-17 0:27 ` Petar Penkov
2019-07-17 2:26 ` Alexei Starovoitov
2019-07-17 3:33 ` Petar Penkov
2019-07-16 11:54 ` Lorenz Bauer
2019-07-16 0:26 ` [bpf-next RFC 4/6] bpf: sync bpf.h to tools/ Petar Penkov
2019-07-16 0:26 ` [bpf-next RFC 5/6] selftests/bpf: bpf_tcp_gen_syncookie->bpf_helpers Petar Penkov
2019-07-16 0:26 ` [bpf-next RFC 6/6] selftests/bpf: add test for bpf_tcp_gen_syncookie Petar Penkov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190716002650.154729-2-ppenkov.kernel@gmail.com \
--to=ppenkov.kernel@gmail.com \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=lmb@cloudflare.com \
--cc=netdev@vger.kernel.org \
--cc=ppenkov@google.com \
--cc=sdf@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.